Forgot your password?
typodupeerror
Privacy Your Rights Online

The Privacy Richter Scale 75

Posted by samzenpus
from the crossing-the-scales dept.
Hugh Pickens writes "Jay Cline writes that not all privacy issues are created equal and proposes a privacy Richter scale to rank the bad things that could happen to our privacy. A privacy Richter 1 or 2 event is a temporary bad turn for you or a handful of people, but nothing systemic, posing no lasting harm to individuals or society as a whole. Examples include receiving someone else's mail, having someone expose something embarrassing about you to co-workers or friends, or losing your wallet or purse. Privacy events measuring 4 to 7 on the scale are risks that can cause real and lasting damage to a lot of people and include stolen laptops containing thousands of Social Security numbers and credit-card numbers that would allow identity thieves to make fraudulent transactions that could impact credit scores for years. Finally events topping 8 are points of no return for large numbers of people and society as a whole. DARPA's Total Information Awareness program, proposed in 2002 and defunded by Congress in 2003, would have topped the scale. 'The massive collection of data about U.S. citizens could have created a perpetual bureaucracy that put at risk our right of due process and protection against unlawful search and seizure.' So where does Google's plan to consolidate its 60 privacy policies into a single approach rank? 'The current change ranks at a 3,' writes Cline. 'Larry Page's company will weather this change. I don't see irreparable or lasting harm or loss of liberty. If you don't like Google, use Bing. Don't watch weird things on YouTube. You shouldn't be sending confidential things through Gmail in the first place.'"
This discussion has been archived. No new comments can be posted.

The Privacy Richter Scale

Comments Filter:
  • by Anonymous Coward on Thursday March 08, 2012 @06:49AM (#39285761)

    "You shouldn't be sending confidential things through Gmail in the first place.'"

    I'm not saying this is bad advice. But the fact that it is not bad advice, REALLY PISSES ME OFF. Not because I even use gmail- as I was hosting a squirrelmail server for my older brother and family before gmail existed, and don't store any quantity of my email on a corporate server for any length of time. But because gmail is what _everyone else_ is using for their email (to the extent that the younguns who won't get off my gedanken lawn use email at all, vs facebook). But enough about my lawn... my point is, that as a 36 year old computer engineer, who literally came of age in college during the deployment of the internet to the masses, then a decade later saw the T.I.A. etc... It's just so, so, sad. Maybe I was naive, but it really felt like people used to have an _expectation of privacy_, for things as basic as person to person long distance communication. E.g. snail mail and phone calls back in the days. These days, I honestly suspect that even when my cell phone appears to be off, that the government and other organized criminals, can and do listen into to my home. I.e. "the walls literally do have ears". But even setting asside that paranoia, and returning to the mundane level of paranoia/common-sense in the quote I'm taking issue with (don't use gmail for confidential communication), I just can't express how sad and disappointed with society I am, even with that level of paranoia now being accepted as common sense. I mean- people need to have an expectation of privacy. They need to feel like they can talk about confidential, personal, private things with their friends and family a hundred or a thousand miles away. And it really just isn't feasible. You still have to practically be one of the 1% tech illuminati to use encryption and actually feel like that even matters. Honestly, I'm the computer engineer, that perhaps a clinically paranoid schizophrenic, has just given up. I figure just using browsers and visiting sites requiring closed source browser plugins (read: the internet), probably makes my entire system insecure to the point that using encryption is pointless, even if the gubernment can't already crack that at will (or will be able to crack the recorded logs a few years down the line when either quantum computing works better, or they just find an obscure flaw or weakness combined with more brute force and the current systems). I dunno man... It's just sad. I had this vision of the internet actually allowing long distance communication of confidential things. Like minority political and philisophical discussion. But no, the world turned out to the point where people just deal with the fact that even though the tech is there, because of attitudes and government surveillance, we just shouldn't try to have confidential exchanges of communication except in person. Sigh... I hate america. And it may be the best of the lot. sad, so sad.

    • by cornjones (33009)

      This is a good post. mod it up.
      i do think much of the problem could be solved w/ a little more applied crytpography. see effs https everywhere campaign. if we encyrpt 95% of the traffic going across the wire, sniffing the remain becomes close to pointless.

      • That might work if this was just about sniffing, but the situation is more complex than that. It's also about the rise of corporate surveilance rather than government - they don't care overly if you are just being subversive, but they'd love to go through all your emails and browsing history to determine how best to flog you crap you don't need. It's about the use of search to make available to the masses the type of background checking that once would have been available only to governments and those willi
        • Corporate surveillance is the same or worse the government surveillance. ANY business will hand over your data when the government comes knocking. You give much more of yourself to businesses than you do to government and they know this. Google is getting slapped around about "privacy" and "monopolistic practices" because they are not playing nice with the establishment. Facebook has way more fucking personal data than Google will ever have and they get a free pass?

      • Sorry but until HTTPS is done correctly it will do exactly squat in actual privacy. What you say about sniffing is true, but it just redirects the problem it doesn't solve it.

        The fact that my bank gets all of the security certificates from a third party makes the actual security of the system non-existent (as demonstrated by countless authorities getting screwed).

        When people start doing it right, and issuing self-signed certificates with credentials we'll be getting somewhere. Once my bank gives me a certif

    • by kermidge (2221646)

      A little paranoid? Perhaps.

      But the way things are now, if you're not a bit paranoid, something is wrong - with you and with the way things are. The very fact that this discussion exists shows that the way things are now is wrong. The fact that many don't understand this is even more wrong.

      As for gmail, I thought about it over a couple of weeks and decided I was OK with a software robot using text in the body to serve me text ads - it's immaterial, and (supposedly - fool I, maybe, for taking their word on

    • by ledow (319597)

      Not being funny, but you can HAVE that level of privacy. Throw your smartphone (which didn't exist when you were a child) away. Disconnect your computer from the Internet (because my ZX Spectrum never had an Internet connection). Write letters (so that you hand them off to some several thousand minimum-wage workers who really have no personal incentive to ensure your letter reaches its destination at all, let alone unread). Use only your landline (which has ALWAYS been as simple to tap as putting a devi

    • by tburkhol (121842)

      Maybe I was naive, but it really felt like people used to have an _expectation of privacy_, for things as basic as person to person long distance communication. E.g. snail mail and phone calls back in the days.

      Back in the day, long distance communication was mostly done through government-regulated monopolies: UPSP, Ma Bell... The idea of the government reading your mail, or listening in on your conversations is pretty abhorrent.

      Along come ISPs. They aren't really government-regulated monopolies - in fact companies like ATT carefully segregate their government-oversight subsidiaries from their ISP subsidiary. Now it's not The Government reading your mail, it's just some company with whom you've contracted. Yo

  • idea fail (Score:5, Insightful)

    by Tim4444 (1122173) on Thursday March 08, 2012 @06:56AM (#39285791)

    Wow! Hijacking a well known metric for a completely unrelated application just to draw a weak metaphor between the original phenomena being measured and this other unrelated event. Who could have ever thought up something so clever? Maybe next he'll invent a "jump to conclusions mat"! After that maybe he'll propose "dollars" as a new term meaning "lines of code" so that when he's introducing himself to unsuspecting women on the bus he can talk about how much "money" he has made.

    FAIL

    • Wow! Hijacking a well known metric for a completely unrelated application just to draw a weak metaphor between the original phenomena being measured and this other unrelated event.

      Not to worry, they'll probably combine it with other bastardized metrics and consign the lot to oblivion. How about a Beaufort scale for phishing and 419 scams, or a Fujita scale for antisocial behaviors (on the internet, of course).

      Perhaps what's really needed is a Kelvin scale for relevance. The suggested "Privacy Richter" scale is pretty cold.

    • by rossdee (243626)

      "Hijacking a well known metric"

      This is America - we don't use metrics.

      Anyway I heard that the scale they use for earthquakes is no longer the Richter scale, (but something similar in magnitude for all but the largest quakes. And how many people are familiar with the magnitude of earthquakes anyway. (unless you live in CA (or some other place that does have tremors - I was born and raised in NZ and have felt magnitude 5 and 6 quakes.

  • by Anonymous Coward on Thursday March 08, 2012 @07:08AM (#39285843)

    ... they make for bad analogies.

    Well, more seriously, I think there really is a problem with a widely accepted premise that the fragility of the systems that our privacy depends on is deity-given, and that thus we have to somehow cope with "privacy incidents", much like we have to deal with earth quakes instead of getting rid of plate tectonics.

    The problem is not so much that from time to time some database containing SSNs is publicly compromised, but that there are SSNs (with all those different functions they serve) in the first place. The object of interest should be the complete lack of any effective protection, which essentially means that large bodies of data are easily available at any time to anyone willing to commit some crimes, while those supposed "incidents" are just the few occasions where it has been publicised, often because some (more-or-less) white-hat did some demonstration.

  • by HBI (604924) <kparadineNO@SPAMgmail.com> on Thursday March 08, 2012 @07:18AM (#39285893) Homepage Journal

    1) This means we've already lost, if we're quantifying the lack of privacy rights and the trampling thereof.
    2) This seems as useful as color-coding terrorist threat levels ala Homeland Security.

  • So if Google implements encrypted mail, would that be a -3 event?

    • by evalhalla (581819) *

      If you use https to write from the gmail web interface to another gmail account (read via https and the web interface) the email is already encrypted, and you can be sure that nobody except for google (and some governments) can read it. Even if google started to encrypt email sent to other providers you couldn't trust them not to read your email before encryption (and forward it to said governments, of course).

      • If no-one man-in-the-middles the recipient's connection, or something similar, and if no-one at google get their hands on this.

      • by awyeah (70462) *

        The only encryption that occurs is the actual connection between you and Google. The e-mail may or may not be encrypted when it's sitting on their servers.

        Not to mention the fact that there's zero guarantee of the e-mail being encrypted when it's passing between mail servers.

  • Like someone once said when referring to earthquakes, "for you, the _big one_ is the one that results in a brick falling off of a building, hitting you on the head, and killing you." So with the example of a 1 or 2, if what's revealed results in a lost job, etc. that's pretty big to you (albeit it possibly just a source of mirth for other people.)
  • by petes_PoV (912422) on Thursday March 08, 2012 @08:19AM (#39286177)

    Different privacy "issues" affect people in different ways. Consequently there is no sensible way to assign a numerical score to a particular event (such as having your bank account number leaked) in absolute terms.

    For example, if someone reveals an unwelcome fact about you on FB, the impact of that "outing" will depend of whether it affects your employability, whether you are interested in being employable (never forget: not everyone is a 20-something american. Some people are retired and don't care that pictures of them being arrested could fall into the hands of an HR person), whether a potential partner may see it - or it may even depend on the values and morals of the viewer. There are no absolutes.

    Even having your credit card number taken is not necessarily a big deal, depending where you live. A lot of countries take a view that bank fraud is absorbed by the bank, not by an individual who blamelessly had their account targeted.

    So, assigning numbers to event without taking into account the context, the situation of the people involved or the place where they live is largely meaningless. And once you do start to account for all these extra circumstances, any numerical evaluation becomes so specific that you can't generalise a level of threat or seriousness to a particular sort of privacy loss.

  • by dragisha (788) <dragisha@@@m3w...org> on Thursday March 08, 2012 @08:45AM (#39286309)

    In Bosnia and Herzegowina we have national id cards. We had them also in former Yugoslavia, so - nothing new here. Except these new ones are barcoded so it is easy to register us on border checkpoints and like. Every time I cross border, they put my id card in scanner and register passage...
    But, we also have long established practice of copying our id card for lots of procedures/applications at banks, telecoms and such. You come to open bank account (like I did just today) and they get your id card and copy both sides... What is interesting, today my friend witnessed this, and he works for another company copying id cards a lot... He was surprised when he saw bank clerk copying id card because at his company they spent friday-sunday destroying all copied id cards because of recent law forbiding this id card data collection. At least somebody came to his senses...
    Imagine that, tons of identities in hundreds of binders in tens of companies... Looks like Fukushima to me :).

  • From OP : "You shouldn't be sending confidential things through Gmail in the first place"

    Why ? Why shouldn't I ? what should I do to send those ? use real mail ? Gmail is an email service, it's not supposed to search through you correspondance, and it shouldn't be allowed to.

    I'm sick and tired of assholes trying to defend privacy invading policies with illconceived arguments. Gmail is a service, a service that you PAY FOR through advertising, and there is ABSOLUTELY NO REASON why google shou

    • From OP : "You shouldn't be sending confidential things through Gmail in the first place"

      Why ? Why shouldn't I ? what should I do to send those ? use real mail ? Gmail is an email service, it's not supposed to search through you correspondance, and it shouldn't be allowed to.

      I'm sick and tired of assholes trying to defend privacy invading policies with illconceived arguments. Gmail is a service, a service that you PAY FOR through advertising, and there is ABSOLUTELY NO REASON why google should take the right to search through your mail, the same way there is no reason for USPS to search through your mails...

      And I'm not an anti-google troll, I have an Android Phone, and I use Gmail and even G+, and they are good products, but all the more reason for us to protect the quality of these services by preventing Google from abusing its position of power regarding its users and invading their privacy.

      Ummm... have you ever noticed the targeted advertising right next to your e-mail, you know, ads for what the e-mail is talking about? And, how are they going to do that without searching your mail? Gmail has always done this, even in the early days, it's part of the bargain, like ads on broadcast TV & radio - they target you by the channel you tune to and when you listen. Your bargain for the "free" Gmail service is that they get to sift through the content of your correspondence to serve up their ad

      • Gmail has always done this, even in the early days, it's part of the bargain, like ads on broadcast TV & radio - they target you by the channel you tune to and when you listen

        Uhmmm.... then let advertisers target Gmail users by the fact they use Gmail. There, done, and now the analogy isn't completely broken either.

        • Gmail has always done this, even in the early days, it's part of the bargain, like ads on broadcast TV & radio - they target you by the channel you tune to and when you listen

          Uhmmm.... then let advertisers target Gmail users by the fact they use Gmail. There, done, and now the analogy isn't completely broken either.

          Google ads are, in part, successful due to their targeting features - the group "all Gmail users" is less specific than a radio station. Maybe you would like a subscription based Gmail where you pay for the service instead of the advertisers? I know some real-estate ads get upwards of $1 per click.

          • the group "all Gmail users" is less specific than a radio station

            Yeah, and growing a tree takes more time than killing your neighbour and taking his. What's your point?

            Maybe you would like a subscription based Gmail where you pay for the service instead of the advertisers?

            It's called "email". Most decent webhosts offer it out of the box. So yeah, sure. I mean, I have that anyway, but it would be nice for the general public to not be so cheap. I mean, having a phone (and making calls) costs like a hundred t

            • I use Gmail as my primary personal e-mail service because:

              1) I don't care that they or anybody else reads my daily drivel, the "nothing to hide" syndrome, I'm not so bold as to put it out there on a Facebook wall like a lot of people, but if you really want to dive in my dumpster, knock yourself out.

              2) they provide a more convenient and useful e-mail service (better "experience") than any alternative I have tried, paid or free. I used paid Eudora for quite awhile, but that's not even an option anymore.

              If I

              • If I've got something to say that I wouldn't want dug up and repeated later

                I post that stuff on slashdot under my real name, just to be safe :D Safe from giving in to snoops and useless people, that is. Anything that could be "digged up" is embarrassing for the person digging it up, not for me.

    • by awyeah (70462) *

      The problem is not Gmail specifically, it's e-mail in general.

      While the traffic between your computer and Gmail is encrypted via HTTPS, the messages may or may not be encrypted on their servers (hopefully they are), and they also may or may not be encrypted between Gmail and the mail servers being used by the people you're corresponding with.

      I would be more worried about sniffing of packets between e-mail servers than I would be about Google employees reading your e-mail.

  • That would be a better measurement. And we are a few minutes before midnight.
  • FTA: "So how serious is the Google policy change? By the sound of the running commentary, this is the worst thing for privacy that's happened so far this year."

    It's the same privacy policy. Unlike having 60 policies, there is one. It's easy to read.

    And since when has anyone had a chance to opt-out of any privacy change, be it at your bank, Facebook, or your job?

    Could you opt out of the original 60 policies? No.
    Great point is at the end.

    FTA: "What's the worst-case scenario here? Google amasses a detailed p

  • by Edrick (590522) on Thursday March 08, 2012 @01:22PM (#39289875)
    There's a simple solution to this --- just say no! If someone asks you to do something you aren't comfortable with, then get up and leave and go somewhere else. If enough people have the guts to do this, then these practices will change. If people in general follow them quietly, then they'll become an accepted part of our society and that'll be that! People are always too quick to forget that they do, in fact, have a choice in nearly everything they do!
  • The author is definitely from California, having chosen Richter as his example scale. Since Charles Richter probably isn't the best example, and since these kinds of things are usually named after their authors, and since Jay was obviously modest enough to not propose naming it after himself, I suggest it be called the Cline scale. Certainly, it might not be better than having Jefferies Tubes named after you, but it's better than the john. Congratulations Jay, something will be named after you. Someone mak

The test of intelligent tinkering is to save all the parts. -- Aldo Leopold

Working...